Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:network_monitoring:darkstat [2018/11/18 13:52] – [Darkstat] jmlacroixdocs:guide-user:services:network_monitoring:darkstat [2018/11/28 23:53] – [Configuration] jmlacroix
Line 1: Line 1:
 ====== Darkstat ====== ====== Darkstat ======
 [[https://unix4lyfe.org/darkstat/]] [[https://unix4lyfe.org/darkstat/]]
- 
-{{page>meta:infobox:construction&noheader&nofooter&noeditbtn}} 
  
 Darkstat is an application that captures network traffic, calculates statistics about usage, and serves reports over HTTP. Darkstat is an application that captures network traffic, calculates statistics about usage, and serves reports over HTTP.
Line 10: Line 8:
  
 ===== Installation ===== ===== Installation =====
 +Installation is very simple:
 +<code bash>
 +opkg install darkstat
 +/etc/init.d/darkstat enable
 +/etc/init.d/darkstat start
 +</code>
  
 +You can also install it through luci.
 +
 +Then is you open a web browser at the address of the router on port 667, you will see the traffic graphs.
 ===== Configuration ===== ===== Configuration =====
 +In OpenWrt, **darkstat** can use almost all of the regular darkstat parameters.  These are set in the file ///etc/config/darkstat
 +//
 +<code bash>
 +config darkstat
 + option interface        'lan'
 + option syslog           false
 + option verbose          false
 + option no_promisc       false
 + option no_dns           false
 + option no_macs          false
 + option no_lastseen      false
 + option httpaddr         '0.0.0.0'
 +# option httpport         '667'
 +# option network_filter   'not (src net 192.168.1 and dst net 192.168.1)'
 +# option network_netmask  '192.168.1.0/255.255.255.0'
 + option local_only       false
 +# option hosts_max        '1000'
 +# option hosts_keep       '500'
 +# option ports_max        '60'
 +# option ports_keep       '30'
 +# option highest_port     '65534'
 +# option export_file      'darkstat_export.log'
 +# option import_file      'darkstat_export.log'
 +# option daylog_file 'darkstat_daylog.log'
 +</code>
 +
 +**Note** In OpenWrt/LEDE 17.01 and below, the last 3 parameters are not available.  The config file above is the one currently 18.06 and above (you may need to update the package in 18.06 to have them).  Also, in OpenWrt/LEDE 17.01 and below, the init script in /etc/init.d is not a procd script as in 18.06 and above.
 +
 +**Note**: the init script and the config file found in trunk are compatible with the darkstat found in OpenWrt/LEDE 17.01 and below and provides the last 3 parameters.
  
-===== Other monitoring applications =====+^ Option ^ Explanation ^ Default ^ 
 +|interface|Capture traffic on the specified network interface.  This is the only mandatory argument.|'lan'
 +|syslog|Errors, warnings, and verbose messages will go to syslog (facility daemon, priority debug) instead of stderr.|false| 
 +|verbose|Produce more verbose debugging messages.|false| 
 +|no_promisc|Do  not  use  promiscuous  mode  to capture.|false| 
 +|no_dns|Do not resolve IPs to host names.  This can significantly reduce memory footprint on small systems as an extra process is created for DNS resolution.|false| 
 +|no_macs|Do not display MAC addresses in the hosts table.|false| 
 +|httpaddr|Bind the web interface to the specified address.  The default is to listen on all interfaces.|'0.0.0.0'
 +|httpport|Bind the web interface to the specified port.  The default is 667.|Commented out| 
 +|network_filter|Use the specified filter expression when capturing traffic.  The filter syntax is beyond the scope of this wiki page; please refer to the tcpdump documentation.|Commented out| 
 +|network_netmask|Define  a "local network" according to the network and netmask addresses.  All traffic entering or leaving this network will be graphed, as opposed to the default behaviour of only graphing traffic to and from the local host.|Commented out| 
 +|local_only|Make  the  web interface only display hosts on the "local network."  This is intended to be used together with the __network_netmask__ argument.|false| 
 +|hosts_max|The maximum number of hosts that will be kept in the hosts table.  This is used to limit how  much accounting  data  will  be  kept  in  memory.   The  number  of __hosts-max__  must be greater than __hosts-keep__.|Commented out| 
 +|hosts_keep|When the hosts table hits __hosts-max__ and traffic is seen from a new host, we clean out the  hosts table, keeping only the top __hosts-keep__ number of hosts, sorted by total traffic.|Commented out| 
 +|ports_max|The  maximum  number  of ports that will be tracked for each host.  This is used to limit how much accounting data will be  kept  in  memory.   The  number  of  __ports-max__  must  be  greater  than __ports-keep__.|Commented out| 
 +|ports_keep|When a ports table fills up, this many ports are kept and the rest are discarded.|Commented out| 
 +|highest_port|Ports that are numerically higher than this will not appear in the per-host ports tables, although their traffic will still be accounted for.  This can be used to hide ephemeral ports.  By default, all ports are tracked.|Commented out| 
 +|export_file|On shutdown, or upon receiving SIGUSR1 or SIGUSR2, export the  in-memory  database  to  the  named file in the /tmp/empty directory.|Commented out| 
 +|import_file|Upon starting, import a darkstat database from the named file in the /tmp/empty directory.|Commented out| 
 +|daylog_file|Log  daily  traffic statistics into the named file in the /tmp/empty directory. The daylog format is: localtime time_t bytes_in bytes_out pkts_in pkts_outs. Lines starting with a # are comments stating when logging started and stopped. |Commented out| 
 +===== Other Bandwidth Monitoring Applications =====
 Darkstat shows the traffic in real time the traffic for different hosts within your network, but it does not show the traffic profile of the various host over time. Darkstat shows the traffic in real time the traffic for different hosts within your network, but it does not show the traffic profile of the various host over time.
  
-Another application, Bandwidthd allows to see the traffic profile of the various host over time.  It also indicate the level of traffic for various type, such as TCP, UDP, ICMP, HTTP, SMTP, FTP.  But it cannot show the IPv6 traffic.+Another application, [[docs:guide-user:services:network_monitoring:bandwidthd|Bandwidthd]] allows to see the traffic profile of the various host over time.  It also indicate the level of traffic for various type, such as TCP, UDP, ICMP, HTTP, SMTP, FTP.  But it cannot show the IPv6 traffic.
  
-The various application for monitoring bandwidth in OpenWrt can be found in the documentation page about this item.+The various application for monitoring bandwidth in OpenWrt can be found in the documentation page about [[docs:guide-user:services:network_monitoring:start|Network Monitoring]].
  • Last modified: 2020/06/07 20:50
  • by jmlacroix